Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-pop-key-distribution-06.txt

"Manger, James" <James.H.Manger@team.telstra.com> Tue, 12 March 2019 05:33 UTC

Return-Path: <James.H.Manger@team.telstra.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72B18130ECE for <oauth@ietfa.amsl.com>; Mon, 11 Mar 2019 22:33:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=team.telstra.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gqI33psf_9Fz for <oauth@ietfa.amsl.com>; Mon, 11 Mar 2019 22:33:15 -0700 (PDT)
Received: from ipxbvo.tcif.telstra.com.au (ipxbvo.tcif.telstra.com.au [203.35.135.204]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C5D312008F for <oauth@ietf.org>; Mon, 11 Mar 2019 22:33:14 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.58,469,1544446800"; d="scan'208";a="290910145"
X-Amp-Result: SKIPPED(no attachment in message)
Received: from unknown (HELO ipcavi.tcif.telstra.com.au) ([10.97.217.200]) by ipobvi.tcif.telstra.com.au with ESMTP; 12 Mar 2019 16:32:59 +1100
Received: from wsmsg3706.srv.dir.telstra.com ([172.49.40.80]) by ipcavi.tcif.telstra.com.au with ESMTP; 12 Mar 2019 16:32:59 +1100
Received: from wsapp5584.srv.dir.telstra.com (10.75.131.20) by wsmsg3706.srv.dir.telstra.com (172.49.40.80) with Microsoft SMTP Server (TLS) id 8.3.485.1; Tue, 12 Mar 2019 16:32:58 +1100
Received: from wsapp5585.srv.dir.telstra.com (10.75.3.67) by wsapp5584.srv.dir.telstra.com (10.75.131.20) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Tue, 12 Mar 2019 16:32:58 +1100
Received: from AUS01-ME1-obe.outbound.protection.outlook.com (10.172.101.126) by wsapp5585.srv.dir.telstra.com (10.75.3.67) with Microsoft SMTP Server (TLS) id 15.0.1395.4 via Frontend Transport; Tue, 12 Mar 2019 16:32:58 +1100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=team.telstra.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iRW+Ue6YsG0Q33Cg8W4iSgbHrdMcOAd3+0KzkPOjjeg=; b=pnjUEiFlXCoxsHKWlp7Tbr1gAcwE1mGvtfvYceWvN1KUDoumdMmQt5w7Fbh6ouc3Y5sSRDNMLcsxCKoEDCtVGHs7MERWmWV2PXALJZbPvY2pjzu1wQav149RTEwU0q2C9kYyE0W7id4RKgO9ams4YIRh80RphrvOK0hVtMGF49k=
Received: from ME1PR01MB0771.ausprd01.prod.outlook.com (10.169.166.135) by ME1PR01MB0993.ausprd01.prod.outlook.com (10.169.166.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1686.16; Tue, 12 Mar 2019 05:32:57 +0000
Received: from ME1PR01MB0771.ausprd01.prod.outlook.com ([fe80::755c:abb6:3873:bdcb]) by ME1PR01MB0771.ausprd01.prod.outlook.com ([fe80::755c:abb6:3873:bdcb%3]) with mapi id 15.20.1686.021; Tue, 12 Mar 2019 05:32:57 +0000
From: "Manger, James" <James.H.Manger@team.telstra.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] I-D Action: draft-ietf-oauth-pop-key-distribution-06.txt
Thread-Index: AQHU2A+zHe7vCPp5QkiY718kRVVQD6YHdJRQ
Date: Tue, 12 Mar 2019 05:32:57 +0000
Message-ID: <ME1PR01MB07716EBFB28834C960962F96E5490@ME1PR01MB0771.ausprd01.prod.outlook.com>
References: <155231144978.23050.17841259546883608773@ietfa.amsl.com>
In-Reply-To: <155231144978.23050.17841259546883608773@ietfa.amsl.com>
Accept-Language: en-AU, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 10.0.500.19
dlp-reaction: no-action
authentication-results: spf=none (sender IP is ) smtp.mailfrom=James.H.Manger@team.telstra.com;
x-originating-ip: [203.35.9.18]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: db6f81b5-f1b4-48c6-c473-08d6a6ac2efb
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600127)(711020)(4605104)(2017052603328)(7153060)(7193020); SRVR:ME1PR01MB0993;
x-ms-traffictypediagnostic: ME1PR01MB0993:
x-ms-exchange-purlcount: 6
x-microsoft-exchange-diagnostics: 1; ME1PR01MB0993; 23:GWSxIgucR16SmIdnKsHdp1tr5yQAP0I+lYKrgu74FyuVvUCdle8cMGU9ezVFLDHkFddXQLZ3vjRuoXGwZ+obnlTbd90iJk/rxwqPjywjVRdOQrjzJ/uSWg5fgZ4e+b9Y7lAdMQgXyEQjodXVOrYGUA3U2DHrQgxEW1QasHVqeYaJeLr4h4bNFXD5RtQ3JUtH8gQ6llO7BHrb8it2D10Vzsw2gPsXNJ9H5xJKotUa5ouRnxRT9QMjTgQa59CSVkNzYHDOGIVQ5DWWcrAXUHeNbPDDgJOnFASQ5H9pijWX0Ke39GXKWZGacn5m3VZ76ztIjzkEcgSWdamldUlVa41ROPHiE/mW6Zygkf/dib2K3jBXzSHDGqY5zW/xVP58uODDTjz4WIOZ8AcGMKJjXDRwol9nwrinfqQRovZhzYby5ZewGscpMyH0B2JNtzofVsAtBdTSw7uQYxTx0XrqmBtUMomXFsmUbi9Q7tyAzaALTWJAleoaA5yboMJYwNd4iWdXcw7w73wlqE+xY3LDvsK5smulHgRPdnUy/Eox9vdp+dQg7VEXUU5c8yzZeRH0ow4oqjZ4nKLZgSN56VjxgWNksWsV9KipzWvkSF5f8tAk9buIrmBH8AbqAP7b5XzZkrEdGW61uRl3sxZJcvAtlzSLUhruADL4vGhWh+hPy9Hapidejra/xBeTjnvRUL5Z11+X5DCPQ4vBFlAnnP0cN6e/Vg1GSLeRZuWBPxkOkHltPdBH84AgY+GX/ny9k/4EKsnmKDIepH99fx0gfeSxdivnPTuAIh5d9kSdNtiIoDouPvVwhXZcl+/IMtScd/AlpbAs9zbhWDNnvxPRazeosWSte6WfI0FP1rf7+He8pBWH+cxUvRPlnbIxxGaNPIl1PrJyhD9IdfsiYfXnm2P8L2+rQ+FUSG5cHrsOg7slI9hvveNsdDqOOweMCjhv5A/Gkmjlr53h7Ebb0RYbA1LSbG5i3l4Ya1EGrFV7uMCsJh0n6bwHYVhnVokhFtVvy3DleiyQLK7TTPNXTRDwynyRQ7sllBujfM6fSpuhZzERpUjf2A03dW4zoVe8NUIKDNJrc+rY+UTNA8K3eOrN6AmMhjvc69Oju8gmaAmMmzsN5XOOBreNM8faBDbl84x+LMTgt/vjR6Ii23oddU/wGo+drCQJEf+yLqqTJ6f5TM9aEJmIr2Yb1XV/LuDmyaD5cJrxImyjUoChKyuh7w4Xwut0uo9nxYjO1vJON1TBoyhRjq1afMmXonYQOYu8CPoO3lXHjloWC/+uCY7p/je2x9bylaFyA1X1GZHdAO7EWZQGnWrJZEcSDaYXn7+Dj16JGCdwQmai8RuX/fLPEzjG1AmqTBHhv6/6A0rMZ8uql+hmb+N7lXP0rzOsptOXsrCIMsMRnES1
x-microsoft-antispam-prvs: <ME1PR01MB0993570096FD737A4A03B015E5490@ME1PR01MB0993.ausprd01.prod.outlook.com>
x-forefront-prvs: 09749A275C
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(136003)(396003)(346002)(376002)(366004)(13464003)(189003)(199004)(229853002)(256004)(966005)(14444005)(9686003)(8936002)(71190400001)(97736004)(71200400001)(102836004)(6436002)(105586002)(106356001)(55016002)(6306002)(3846002)(52536013)(5660300002)(1730700003)(7736002)(53936002)(2351001)(8676002)(81156014)(66574012)(81166006)(6116002)(74316002)(5640700003)(305945005)(6916009)(2501003)(86362001)(68736007)(33656002)(7696005)(6246003)(66066001)(25786009)(316002)(2906002)(99286004)(26005)(446003)(486006)(11346002)(476003)(14454004)(76176011)(186003)(72206003)(6506007)(478600001)(53546011); DIR:OUT; SFP:1102; SCL:1; SRVR:ME1PR01MB0993; H:ME1PR01MB0771.ausprd01.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:0;
received-spf: None (protection.outlook.com: team.telstra.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: BPtcgRJWcjk2ji824Ih4V7Tl7DTl2clO/gcsorvcMLXfU4yPgMpRAmkFjT7ounlZEtTr50UBBZ7pxik3fRr285LAYNbHBnIIjG9FiQQuIHYPR+lY50OPfpx/zg2FRonLTXCzQSa/jF7A7E7OXuT+Wp59BLdOarsQCPL1d4r74ybJHQ+xNmtU2VFiZCwI/66PKn3x301hPIbl0+6C1f+4ZI6zqynLKRT2yIscLOjCTTGJGqn5tlC/LdSHkUUoTlp+1/Ow7NulnK3IU6QoKeshDzsIH9pn2Kqo9PF73PQ/TRKVbS0/M0Rnz1OnHti2t2CR/wsor3GzI203zq4t6FELzZlnwdL2+d5EYA0uu6CT97ft+go5cqxHCwGjotFxTnQSlAOz8e0sllDhZw9YndmlVCZxCqn7xwd8+qhs+5xwNdw=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: db6f81b5-f1b4-48c6-c473-08d6a6ac2efb
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Mar 2019 05:32:57.0790 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 49dfc6a3-5fb7-49f4-adea-c54e725bb854
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: ME1PR01MB0993
X-OriginatorOrg: team.telstra.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/3SOVu0KcdgJXrzvzDttdwxp4zG8>
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-pop-key-distribution-06.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2019 05:33:19 -0000

Syntax glitches in draft-ietf-oauth-pop-key-distribution-06:

1. "exp" and "nbf" values should be numbers, not strings, so must not have quotes [Section 4.2.2. "Client-to-AS Response"]

2. h'11' and b64'...' appear in the JSON examples, but should be "..." strings [Section 4.2.2. "Client-to-AS Response", members "kid", "x", "y"]

3. "iss" should be an https URI, such as "https://server.example.com", not "xas.example.com" [Section 4.2.2. "Client-to-AS Response"]. "aud" should probably be https://... as well, not http://....

--
James Manger

-----Original Message-----
From: OAuth <oauth-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Tuesday, 12 March 2019 12:37 AM
To: i-d-announce@ietf.org
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-pop-key-distribution-06.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.

        Title           : OAuth 2.0 Proof-of-Possession: Authorization Server to Client Key Distribution
        Authors         : John Bradley
                          Phil Hunt
                          Michael B. Jones
                          Hannes Tschofenig
                          Mihaly Meszaros
	Filename        : draft-ietf-oauth-pop-key-distribution-06.txt
	Pages           : 17
	Date            : 2019-03-11

Abstract:
   RFC 6750 specified the bearer token concept for securing access to
   protected resources.  Bearer tokens need to be protected in transit
   as well as at rest.  When a client requests access to a protected
   resource it hands-over the bearer token to the resource server.

   The OAuth 2.0 Proof-of-Possession security concept extends bearer
   token security and requires the client to demonstrate possession of a
   key when accessing a protected resource.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-pop-key-distribution/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-oauth-pop-key-distribution-06
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-pop-key-distribution-06

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-pop-key-distribution-06


Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth